Keep appsettings.json in Version Control or not.

Question

User-1851882219 posted

Hello,

Should I keep appsettings.json in Version Control or not? I use docker so my connection string includes username and password, but it's a local environment. Maybe I should create appsettings.json.dist with example settings to allow user to rename it to appsettings.json. What do you think?

Answer 1

User1120430333 posted

Yes configuration file should be kept in the code repository. You should keep config file for development code, and you should keep a version for release code, which would be the named file as development, if the code repository has those capabilities. 

Answer 2

User-1851882219 posted

Ok, so what about passwords? For localhost I use trivial passwords, is it good practice to left things like this in repo?

Answer 3

User1120430333 posted

Ok, so what about passwords? For localhost I use trivial passwords, is it good practice to left things like this in repo?

If you are talking about password, ect. and etc in config file, then yes why not?

Answer 4

User61956409 posted

Hi jakubtobiasz, 

what about passwords? For localhost I use trivial passwords, is it good practice to left things like this in repo?

Normally, it is not recommended to keep passwords or secrets etc sensitive information in source control, even if it's a private repository.

We can imagine that someone on your team who should not have access to these sensitive information could now have access to it, and if he/she do misoperation on systems/resources with pulled passwords or secrets from repository, which would cause serious impact on your project. Besides, if leaking passwords or secrets to public, which may have a devastating impact.

With Regards,

Fei Han